
What is claimed is: 



1. A method for initializing a first device distributed with an embedded radio module using
a server, said server having an embedded radio module, said method comprising the
steps of:

sending an inquiry from said server to said first device using said embedded radio
modules;

returning, from said first device, a unique device identifier of said first device, to said
server;

creating, at said server, a public key, private key pair for said first device;

creating, at said server, a device certificate for said first device, said device certificate
having a unique hardware identifier associated with said first device and a public key
associated with said first device;

transmitting said private key, and said device certificate, and a public key of a Certificate
Authority which signed said device certificate, to said first device; and,

storing said private key in non-removable protected storage at said first device.

2. A method as claimed in claim 1 wherein said protected storage is write-only storage
able to perform computations involving previously-written data.

3. A method as claimed in claim 1 wherein a copy of said certificate is stored in an
enterprise database.

4. A method as claimed in claim 1 wherein a copy of said certificate is stored in an LDAP
directory.

5. A method for initializing a first device distributed with an embedded radio module using
a server, said server having an embedded radio module, said method comprising the steps
of:

sending an inquiry from said server to said first device using said embedded radio
modules;

creating, at said first device, a public key, private key pair for said first device;

storing, at said first device, said private key in non-removable protected storage;

returning, from said first device, a unique device identifier and said public key of said first
device, to said server;

creating, at said server, a device certificate for said first device, said device certificate
having said device identifier and said public key; and

transmitting said device certificate and a public key of a Certificate Authority which
signed said device certificate to said first device.

6. A method as claimed in claim 6 wherein said protected storage is a write-only storage
able to perform computations involving previously-written data.



7. A system for initializing a first device distributed with an embedded radio module using
a server, said server having an embedded radio module, said system comprising:

a communications mechanism for sending an inquiry from said server to said first device
using said embedded radio modules, and returning, from said first device, a unique device
identifier of said first device, to said server;

a processor at said server for creating a public key, private key pair for said first device;

a device certificate, created at said server, for said first device, said device certificate
having a unique hardware identifier associated with said first device and a public key
associated with said first device;

wherein said communications mechanism transmits said private key, and said device
certificate, and a public key of a Certificate Authority which signed said device certificate,
to said first device; and, said processor stores said private key in non-removable protected
storage at said first device.

8. A system as claimed in claim 7 wherein said protected storage is write-only storage
able to perform computations involving previously-written data.

9. A system as claimed in claim 7 wherein a copy of said certificate is stored in an
enterprise database.

10. A system as claimed in claim 7 wherein a copy of said certificate is stored in an
LDAP directory.

11. An initialization system, said system comprising:

a first device, said first device having an embedded radio module;

a server, said server having an embedded radio module;

a communications mechanism, said communications mechanism sending an inquiry from
said server to said first device using said embedded radio modules;

wherein said first device creates a public key, private key pair for said first device, stores
said private key in non-removable protected storage, and returns a unique device identifier
and said public key of said first device, to said server;

said server creates a device certificate for said first device, said device certificate having
said device identifier and said public key; and transmits said device certificate and
a public key of a Certificate Authority which signed said device certificate to said first
device.

12. A system as claimed in claim 11 wherein said protected storage is a write-only
storage able to perform computations involving previously-written data.

13. A program for initializing a first device distributed with an embedded radio module
using a server, said server having an embedded radio module, said method comprising:

computer program code means of sending an inquiry from said server to said first device
using said embedded radio modules;

computer program code means of returning, from said first device, a unique device
identifier of said first device, to said server;

computer program code means of creating, at said server, a public key, private key pair for
said first device;

computer program code means of creating, at said server, a device certificate for said first
device, said device certificate having a unique hardware identifier associated with said first
device and a public key associated with said first device;

computer program code means of transmitting said private key, and said device certificate,
and a public key of a Certificate Authority which signed said device certificate, to said first
device; and,

computer program code means of storing said private key in non-removable protected
storage at said first device.

14. A program as claimed in claim 13 wherein said protected storage is write-only
storage able to perform computations involving previously-written data.

15. A program as claimed in claim 13 wherein a copy of said certificate is stored in an
enterprise database.

16. A program as claimed in claim 13 wherein a copy of said certificate is stored in an
LDAP directory.

17. A program for initializing a first device distributed with an embedded radio module
using a server, said server having an embedded radio module, said method comprising:

computer program code means of sending an inquiry from said server to said first device
using said embedded radio modules;

computer program code means of creating, at said first device, a public key, private key
pair for said first device;

computer program code means of storing, at said first device, said private key in non-
removable protected storage;

computer program code means of returning, from said first device, a unique device
identifier and said public key of said first device, to said server;

computer program code means of creating, at said server, a device certificate for said first
device, said device certificate having said device identifier and said public key; and

transmitting said device certificate and a public key of a Certificate Authority which
signed said device certificate to said first device.

18. A program as claimed in claim 17 wherein said protected storage is a write-only
storage able to perform computations involving previously-written data.
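
The device-generated-key variant recited in claims 5, 11 and 17 can be sketched as follows; this is an added example, not code from the patent or its applicant. It assumes ECDSA P-256 keys, an X.509 certificate carrying the device identifier in the subject CommonName, and hypothetical names (`Device`, `Issue`, `Accept`, "Example CA", "device-0001"); the radio transport is omitted, and the device-side acceptance check is an addition the claims do not recite.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device models the first device; priv stands in for its protected storage (assumption).
type Device struct {
	ID   string
	priv *ecdsa.PrivateKey
}

// Issue is the server step: sign a certificate binding the device ID to its public key.
func Issue(ca *ecdsa.PrivateKey, id string, pub *ecdsa.PublicKey) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: id},
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0)}
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "Example CA"}} // hypothetical CA name
	return x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, ca)
}

// Accept is the device step: keep the certificate only if the CA key signed it for this ID and key.
func (d *Device) Accept(der []byte, caPub *ecdsa.PublicKey) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	h := sha256.Sum256(cert.RawTBSCertificate)
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(caPub, h[:], cert.Signature) ||
		cert.Subject.CommonName != d.ID || !pub.Equal(&d.priv.PublicKey) {
		return fmt.Errorf("certificate rejected for %s", d.ID)
	}
	return nil
}

func main() {
	ca, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // CA key pair (constructed)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // created on the device
	d := &Device{ID: "device-0001", priv: key}                // constructed identifier
	der, err := Issue(ca, d.ID, &key.PublicKey)
	fmt.Println(err, d.Accept(der, &ca.PublicKey))
}
```

Only the device identifier and public key cross the link in this variant; the private key never leaves the device, unlike the server-generated variant of claims 1, 7 and 13.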